Hi Kurt,
Terrific! What's your next step now? Where do you intend to publish it?
PS. I know a real person who's name is Marco Polo ;-)
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. http://www.startcom.org
XMPP: start...@startcom.org xmpp:start...@startcom.org
Blog: Join
to trust that they are doing a good job...
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
browser or email client are using the DBs.
Hopefully I've done that correct:
certutil -L cert8.db
certutil-bin: function failed: security library: bad database.
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog
Eddy Nigg (StartCom Ltd.):
Hopefully I've done that correct:
certutil -L cert8.db
certutil-bin: function failed: security library: bad database.
By chance I was able to solve the problem for me, which involved
removing an exception for that domain and certificate. Now I'll poke
around
: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev-tech-crypto mailing list
dev-tech-crypto
were able to crack the private key after
in-depth cryptographic analysis. Kaspersky Lab virus researchers have to
date been able to crack keys up to 660 bits.
Paul, perhaps that's the one I saw, however some details would be
obviously better...
Regards
Signer: Eddy Nigg, StartCom Ltd
/rsalabs/node.asp?id=2879
http://www.loria.fr/%7Ezimmerma/records/factor.html
Thanks, those are the ones I meant.
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
a wild card cert) but the same server cert, the error
remains. RC2 didn't solved that problem for me. When using a different
profile, everything runs clear. Did anybody else see such a behavior? Is
there a way to get out of it?
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http
Frank Hecker:
I tried out my own site on it, and got a C.
LOL, I got a A 80 :-)
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
knows what it means too - which I doubt. In short, a best
effort you might find perhaps somewhere else, I'd rather say it's a
defined and forced upon the CAs effort ;-)
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED
.
(This is one of the reasons why I don't believe it's viable to charge
per-certificate, but rather per-timeperiod.)
Or how about a per validation charge since this is really the real
effort a CA does? ;-)
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber
validation when performing through electronic and
automated means.
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
of an
affected key and now the poor guy can't even get in there changing the
certificate.
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
isn't such a bad
thing to establish initial authorization and control over the domain.
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
with Frank before turning to you
for any further help. Thanks for your cooperation!
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
Frank Hecker:
Eddy Nigg (StartCom Ltd.) wrote:
Does the document http://www.entrust.net/CPS/pdf/webcps051404.pdf not
apply for this root and if so how do you know about it?
Per Entrust, at present this root has only one subordinate CA, the
Entrust Certification Authority - L1A used
an effect on this? Certs will
have to be issued from the new root at some point and I'm not sure how a
certificate signed from a 1024 bit key doesn't require re-issuance from
a new 2048 key if the old key becomes obsolete and the EE cert is still
valid.
Regards
Signer: Eddy Nigg
in every respect and 2012, maybe 2013
sounds to me doable and still within the time frame of such keys not
being a risk yet.
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http
Frank Hecker:
Eddy Nigg (StartCom Ltd.) wrote:
That's nice, but how can *I* also know about it? Would it be possible to
confirm it at the bug (that only EV certificates will be issued from
that root ) and remove the OV attribute from
http://www.mozilla.org/projects/security/certs/pending
party sources isn't really enough,
isn't it? Or can I be really also Frank Hecker if I know all your details?
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
a
2048-bit RSA modulus.
Maybe they meant to say that roots should expire before 2030 if the key
is 2048 bit and not bigger than that.
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution
to be a CA and uses a 2048 bit key, I except support for at
least that key size.
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
, else I'd like to
comment further.
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev
Nukeador:
Eddy Nigg (StartCom Ltd.) escribió:
Nukeador:
Cristina has just opened a new bug with the information:
https://bugzilla.mozilla.org/show_bug.cgi?id=435736
Congratulations. Now I think Frank can accept that bug.
So now we can track the status at
http://www.mozilla.org/projects
rather fast.
...which has not been done yet, at least in public. The largest is
still 528 bits, I believe.
Which reference? It's interesting to know about...
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog
more...it can't have disappeared like that...
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
Eddy Nigg (StartCom Ltd.):
If you know something we don't, it would be really
useful to the whole Internet community to hear more.
I will look for it somewhat more...it can't have disappeared like that...
The only thing I found so far (and which isn't the one I was referring
desktop for a while.
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev-tech-crypto
Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https
the date in (a).
That sounds like a good plan! Reality might hasten the arrival of (b)
perhaps depending on developments we can't foresee.
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join
: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev-tech-crypto mailing list
dev-tech-crypto
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev-tech-crypto mailing list
dev-tech-crypto
issue extended validation (EV) certificates.
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
pascal:
Yes, apparently this information did not cross the pool to the european
office...
:-)
I'd say that all of these informations are provided into the 200 pages
document provided by FNMT,
Which document? Can you point me to a link? I haven't seen anything like
this...perhaps if
Eddy Nigg (StartCom Ltd.):
Buenas noches
Excusez-moi, je voulais dire *bonne nuit*... ;-)
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone
of the process perhaps. I hope that we are
in sync now...
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
:
http://wiki.mozilla.org/CA:Root_Certificate_Requests
There is nothing else you can do at this stage.
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone
Nukeador:
Eddy Nigg (StartCom Ltd.) escribió:
Please make FNMT or the individual CAs aware of this fact and ask
them to make a request for inclusion according to the guidelines from
here: http://wiki.mozilla.org/CA:Root_Certificate_Requests
There is nothing else you can do at this stage
Nukeador:
Eddy Nigg (StartCom Ltd.) escribió:
OK, I understand. This request is fairly new, but I also can't see
anywhere at this bug that the representative of this CA submitted and
completed all information required to start any evaluation according
to http://wiki.mozilla.org
and public
comment period, as before.
Excellent! And welcome Kathleen!
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
(Open Source is about Trust)
[2] https://blog.startcom.org/?p=85 (Randomly Broken Randomness)
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone
Julien R Pierre - Sun Microsystems:
Eddy,
Eddy Nigg (StartCom Ltd.) wrote:
The page says: One noteworthy detail are the issuer and serial number
fields, those most be provided in their encoded form (*as stored in the
certificate*) and transformed to base64.
What does that mean? Is it HEX
for the
test_ev_roots.txt file.
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev-tech-crypto mailing
Eddy Nigg (StartCom Ltd.):
Hi Kai,
Kai Engert:
I have one on my local system.
Kai
Could you make a small test by using the OID 1.3.6.1.4.1.23223.1.1.5
and our root (Sha1
3E:2B:F7:F2:03:1B:96:F3:8C:E6:C4:D8:A8:5D:3E:2D:58:47:6A:0F )and
access the site https://ev.mediahost.org
Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https
Eddy Nigg (StartCom Ltd.):
During recent testing I suspect that intermediate CA certificates
which have an OCSP URI value in the AIA extension aren't looked up at
the OCSP server even with the settings to do so (Using FF3). Is this
behavior correct? Is it expected and by design? Else
Nelson B Bolyard:
In all versions of Mozilla browsers shipped to date, OCSP checking is
only done for EE (leaf, server) certs, not for CA certs. However,
beginning in Firefox 3, for EV certs only, all certs in the chain that
have OCSP AIA extensions are checked with OCSP.
OK, than my
happens.)
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev-tech-crypto
and email
validation in this specific CPS (which I found from the pending request
page) which seems to address only web servers.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http
, DigiNotar never claimed that they verify email
addresses and this is fine with me as long as the email trust bit is set
to false. Certainly not blaming DigiNotar, but Entrust should have known
otherwise!)
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber
Eddy Nigg (StartCom Ltd.):
Another consideration I want to through into this discussion
Should have been throw
I promise to proofread my messages better in the future ;-)
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp
process
for CAs (one person decision).
Frank, could we work out a plan and time frame for the points above? Are
there other issues which should be added? Other suggestions, objections?
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL
invest some time in changes for the Mozilla policy. The points above
will solve itself once the utility is ready. I guess I'd also hire
somebody to populate the DB with existing CAs and their information.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber
of Mozilla as well. The tool I offered and suggested would
make it possible to govern such a requirement with a minimal effort. I
think this thought to be worth for consideration (both the tool and the
re-auditing requirement). Suggestions?
--
Regards
Signer: Eddy Nigg, StartCom Ltd
being included in an EV SSL
certificate. No requirements exist concerning validation of email
addresses either.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http
the
claims are correct and email address fields are allowed or required for
EV SSL server certificates and *no* extended key usage is set *and*
validation of the email address does not have to be performed, I suggest
to take this to the CAB forum urgently!
--
Regards
Signer: Eddy Nigg
guidelines correctly
which would be a different problem).
I suggest to consult with the CAB forum about what exactly must be or
shouldn't be in case we can't reach a conclusion by ourselves.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL
knowledge these should be moved:
Comodo
DigiCert
GoDaddy
IdenTrust
Network Solutions (Will be applied soon, is approved)
QuoVadis
SwissSign
Trustwave
Turktrust
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED
Eddy Nigg (StartCom Ltd.):
Hi Frank,
Is it possible to move the approved and included CAs from the pending
page (http://www.mozilla.org/projects/security/certs/pending/) to the
included page
(http://www.mozilla.org/projects/security/certs/included/)? It makes
it perhaps easier to see
audit report already ready and I suggest to carefully review this
issue. Should no re-audit have taken place, then DigiNotar is not
conforming to the EV criteria and must not receive EV status in NSS.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber
.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev-tech-crypto mailing
status as well if they haven't already (assuming there is no updated
audit, otherwise all is fine).
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone
Frank Hecker:
Once I check in a change to the page in CVS, it takes up to an hour to
show up on the actual web site. Try it again now.
I think more then an hour has past and refreshing doesn't help. Are you
sure this worked?
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http
.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev-tech-crypto mailing list
dev-tech
Frank Hecker:
Yes, because I checked the live site using my version of Firefox as well
as Safari, and was able to see the change.
Yes, eventually I saw the updated changes. Looks good...are you moving
the other now?
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http
to take into
account when I see fit. VMs make sense in many, many cases and I'm not
against it when applied correctly, still for certain stuff it doesn't.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog
for other ways
(already now) as possible solutions should one day the schedule of
updates change (and FF3 turns out to be flawless without any bugs ;-) ).
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED
with this will be very little in comparison to now)...I
imagine a few clicks will do all the work ;-)
We'd want a grace period to include that time.
I suggested this as well, perhaps two or three month the most.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
for the task we have to
achieve here...
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
, perhaps Mozilla wants to build something like this on its own,
which would be fine with me as well...just get something done here, I
feel like in the digital stone age sometimes ;-)
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp
Frank Hecker:
Eddy Nigg (StartCom Ltd.) wrote:
Considering for a minute your statement above, what are the CAs in
question doing in order to guaranty domain/email ownership? What are the
controls in place which let them rely on identity validation only?
This is where I think we need
to true in case no email
validation is performed.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
Nederlanden Root CA in respect to email validation? Judging from
the details of that root, this is a legacy root.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Eddy Nigg (StartCom Ltd.):
I just wonder why the h*** Google anti-phishing tool still allows me
to go to
http://comerica.connect.tmconnectweb.login.cgi.msg5984.time32491989.webbizcompany.c1b9r62whf314lx53xq.secureserv.onlineupdatemirror66272.comerica.certificateupdate.cxv32.com/logon.htm
: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
Comerica TM Connect Web Bank Renewal
Certificate Renewal
Personal (Smartcard) e-Cert Personal e
CA issued by the Network Solutions Certificate Authority
for each major type of certificate we issue.
Terrific! Perhaps you only should make that clear in your CP/CPS...
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp
and the place to
say something :-)
Section 13 of the Mozilla CA policy refers to what I mentioned and the
EV guidelines requires it to all of my knowledge.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog
I've lost the bug number for the bug concerning the recent UI changes
,which also involved EV. Can anybody tell me which one is it?
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution
I explained
why other higher validations make sense.
Again, Mozilla can decide if it wants to be an active player and if it
has something more to offer also in respect to PKI. It can remain
passive and continue to follow...
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http
thing to have) and this subject
can be put aside. I made the arguments and you made the decision and you
take responsibility (what Mozilla concerns).
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog
:-)
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev-tech-crypto mailing list
. Additionally I think IE
sends every time the certificate when asked by the server, after a
decision has been made which certificate to use. In order to use a
different certificate for example, one needs to close IE and login again.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http
directly to them.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
___
dev-tech
to maintain the dominance of a
market sector which exists only for the purposes of extortion from
people who want to try to do the Right Thing[tm].
I think all you need is to remove one shared library. Forgot which one...
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
then regular CAs, if and how. I believe not, instead CAs should be
usable by all Netizens, but as Frank indicated, there could be other
problems with it, like people forced to be using IE or other
implications. In that case a limitation would make sense...
--
Regards
Signer: Eddy Nigg
are not in agreement. And I'm still not sure
exactly what is it that we want...also some questions I asked remained
unanswered.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http
stored in software, then lets get rid of the
relevant recommendations as well.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone
and auditing where only
the root CA is covered, but the real CA business is really elsewhere.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone
(and how it's validated etc). But it got better and
not worse at least...
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
am I a citizen of Zimbabwe, so it doesn't apply
to me either... I guess I represent in that respect the majority of a
typical user.
Nope, I guess we'll have to find something better then that (if at all).
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber
challenge (to
formulate that in a mild language). Their sub CAs are however regular
CAs in every respect.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone
I'm not aware of any other CA which issues
certificates for this life-span (ten years).
Eddy Nigg (StartCom Ltd.):
Robin Alden:
[Robin said...]
If I understand you correctly you are saying that considering lack of
evidence to the contrary you believe that Comodo is solely responsible
or should it remain as
is? Should a working group be created for dealing with aspects of the
Mozilla CA policy? Is the way we deal today sustainable over time? Other
suggestions?
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp
if requested).
Regards
Robin
Thank you for your cooperation so far!
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
Eddy Nigg (StartCom Ltd.):
KISA is a CA authorized and commissioned by the their government,
however the operating CAs are not government CAs, but regular CAs with
commercial interests etc. So this makes it a bit tricky I think...
I forgot to add, that there is a difference between a CA
would call out for your CA to adjust!
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone: +1.213.341.0390
that this will be evenly applied upon
all CAs currently in NSS? If not, can you please provide an alternative,
solving the issues at hand and explain what Comodo would be willing to
implement instead?
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL
! Additionally, to all
of my knowledge, other CAs had to undergo the very same process as well
and your situation isn't unique!
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http
and/or smaller software vendors and CAs. Nobody knows what
Jonathan does at the CAB forum eithe, nor do we know what the CAB forum
does at all.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join
. More
than that, after this process completes, your CA roots are accepted in
NSS not as legacy roots from the Netscape era, but as roots which
performed a thorough inclusion process based on the Mozilla CA policy.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
1 - 100 of 274 matches
Mail list logo